Ambitious browser mitigation for Spectre attacks comes to Chrome

Google’s Chrome browser is undergoing a major architectural change to enable a protection designed to blunt the threat of attacks related to the Spectre vulnerability in computer processors. If left unchecked by browsers or operating systems, such attacks may allow hackers to pluck passwords or other sensitive data out of computer memory when targets visit malicious sites.

Site isolation, as the mitigation is known, segregates code and data from each Internet domain into their own “renderer processes,” which are individual browser tasks that aren’t allowed to interact with each other. As a result, a page located at arstechnica.com that embeds ads from doubleclick.net will load content into two separate renderer processes, one for each domain. The protection, however, comes at a cost. It consumes an additional 10 to 13 percent of total memory. Some of the performance hit can be offset by smaller and shorter-lived renderer processes. Site isolation will also allow Chrome to re-enable more precise timers, which Google and most other browser makers disabled earlier this year to decrease chances of successful attacks.
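To make the process-per-site rule concrete, here is an added toy model (not Chrome's code) of how site isolation keys frames to renderer processes: a "site" is the URL scheme plus the registrable domain (eTLD+1), and every frame on the same site shares one process while cross-site frames get their own. The mini public-suffix list and the `Browser` class are constructed for this illustration.

```python
"""Toy model of site-based process assignment (added example, not Chrome code)."""
from urllib.parse import urlsplit

# Constructed stand-in for the public suffix list; the real list is far larger.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def site_for(url: str) -> str:
    """Return the site key for a URL, e.g. 'https://arstechnica.com'.

    The key is scheme + eTLD+1, so https://www.example.com and
    https://cdn.example.com map to the same site, but http:// and
    https:// versions of the same host do not.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # Keep one label more than the public suffix (eTLD+1).
            registrable = ".".join(labels[max(i - 1, 0):])
            return f"{parts.scheme}://{registrable}"
    return f"{parts.scheme}://{host}"


class Browser:
    """Assigns each frame (top-level page or iframe) to a per-site process."""

    def __init__(self) -> None:
        self.processes: dict[str, int] = {}  # site key -> renderer process id
        self.frames: dict[str, int] = {}     # frame URL -> renderer process id

    def load_frame(self, url: str) -> int:
        """Load a frame, reusing the site's renderer if one already exists."""
        site = site_for(url)
        pid = self.processes.setdefault(site, len(self.processes) + 1)
        self.frames[url] = pid
        return pid

    def same_process(self, url_a: str, url_b: str) -> bool:
        """True if both frames share a renderer (and thus an address space)."""
        return self.frames[url_a] == self.frames[url_b]

    def process_count(self) -> int:
        """Number of renderer processes in use; this is the memory cost driver."""
        return len(self.processes)
```

The article's example, a page on arstechnica.com embedding an ad from doubleclick.net, yields two renderer processes here, while a frame from a subdomain of the same site is folded into the existing one.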

The Firefox devs are working on something similar and have set themselves a target of getting the base memory requirement for a content process down to 10MiB “in order to keep the extra overhead from Fission below 1GB” in their test target of 100 content processes.

On the plus side, the architecture of Chrome will be even more suited to multicore CPUs, with more of the rendering of a page spread across multiple threads.

Is there any advantage for a typical workload though? IMHO, those background tabs don’t need any CPU whatsoever…let them starve until I choose to display them. As for a single tab, most of it is single-threaded by nature. Browsers support parallel web workers, but they don’t do anything for the majority of websites in existence.

IMHO, placing the burden of fixing Spectre on software vendors is a stop-gap measure at best, and the underlying vulnerabilities will continue to pose a threat to the industry until the affected hardware is physically replaced.